gst-plugins-bad1.0_1.4.4-2.1+deb8u2_amd64.changes ACCEPTED into proposed-updates->stable-new, proposed-updates

Debian FTP Masters ftpmaster at ftp-master.debian.org
Thu Mar 30 19:47:13 UTC 2017



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 25 Mar 2017 19:38:02 +0200
Source: gst-plugins-bad1.0
Binary: gstreamer1.0-plugins-bad-doc gstreamer1.0-plugins-bad gstreamer1.0-plugins-bad-dbg libgstreamer-plugins-bad1.0-0 libgstreamer-plugins-bad1.0-dev
Architecture: source all amd64
Version: 1.4.4-2.1+deb8u2
Distribution: jessie-security
Urgency: medium
Maintainer: Maintainers of GStreamer packages <pkg-gstreamer-maintainers at lists.alioth.debian.org>
Changed-By: Sebastian Dröge <slomo at debian.org>
Description:
 gstreamer1.0-plugins-bad - GStreamer plugins from the "bad" set
 gstreamer1.0-plugins-bad-dbg - GStreamer plugins from the "bad" set (debug symbols)
 gstreamer1.0-plugins-bad-doc - GStreamer documentation for plugins from the "bad" set
 libgstreamer-plugins-bad1.0-0 - GStreamer development files for libraries from the "bad" set
 libgstreamer-plugins-bad1.0-dev - GStreamer development files for libraries from the "bad" set
Changes:
 gst-plugins-bad1.0 (1.4.4-2.1+deb8u2) jessie-security; urgency=medium
 .
   * debian/patches/0001-psdemux-Rewrite-PSM-parsing-using-GstByteReader.patch
     + The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in
       gst-plugins-bad in GStreamer allows remote attackers to cause a denial of
       service (invalid memory read and crash) via vectors involving PSM parsing.
       https://bugzilla.gnome.org/show_bug.cgi?id=777957
 .
       Fixes CVE-2017-5848
 .
   * debian/patches/0002-mxfdemux-Set-stream-tags-to-NULL-after-unreffing.patch
     + Multiple use-after-free vulnerabilities in the (1)
       gst_mini_object_unref, (2) gst_tag_list_unref, and (3)
       gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3
       allow remote attackers to cause a denial of service (crash) via vectors
       involving stream tags, as demonstrated by 02785736.mxf.
       https://bugzilla.gnome.org/show_bug.cgi?id=777503
 .
       Fixes CVE-2017-5843
 .
   * debian/patches/0003-mpegtssection-Fix-PAT-parsing.patch
     + The _parse_pat function in the mpegts parser in GStreamer before 1.10.2
       allows remote attackers to cause a denial of service (NULL pointer
       dereference and crash) via a crafted file.
       https://bugzilla.gnome.org/show_bug.cgi?id=775120
 .
       Fixes CVE-2016-9813
 .
   * debian/patches/0004-mpegtssection-Add-more-section-size-checks.patch
     + The gst_mpegts_section_new function in the mpegts decoder in GStreamer
       before 1.10.2 allows remote attackers to cause a denial of service
       (out-of-bounds read) via a too small section.
       https://bugzilla.gnome.org/show_bug.cgi?id=775048
 .
       Fixes CVE-2016-9812
 .
   * debian/patches/0005-h264parse-Ensure-codec_data-has-the-required-size-wh.patch,
     debian/patches/0006-h265parse-Ensure-codec_data-has-the-required-size-wh.patch:
     + Off-by-one error in the gst_h264_parse_set_caps function in GStreamer
       before 1.10.2 allows remote attackers to have unspecified impact via a
       crafted file, which triggers an out-of-bounds read.
       https://bugzilla.gnome.org/show_bug.cgi?id=774896
 .
       Fixes CVE-2016-9809
Checksums-Sha1:
 7f21ea1936194d042d511ec3678ea5e0b7a57f35 4479 gst-plugins-bad1.0_1.4.4-2.1+deb8u2.dsc
 aeb5a657dfcab066feaa70c9ad1a93fa2c6ad1f6 41272 gst-plugins-bad1.0_1.4.4-2.1+deb8u2.debian.tar.xz
 9229619b641972136436b7d88f86bfbc1ca54170 1234524 gstreamer1.0-plugins-bad-doc_1.4.4-2.1+deb8u2_all.deb
 2298d44d72752b4a7dd414eb1e9410f8dc1c90b0 2368090 gstreamer1.0-plugins-bad_1.4.4-2.1+deb8u2_amd64.deb
 571657b645486029bfeb0bad0e25d20656b2a09f 6699930 gstreamer1.0-plugins-bad-dbg_1.4.4-2.1+deb8u2_amd64.deb
 48ccd699345a3113ea1d7240b1aac88f67cd964c 1327078 libgstreamer-plugins-bad1.0-0_1.4.4-2.1+deb8u2_amd64.deb
 507118882f68f98d73c3da7a682b9621c21052f0 1109874 libgstreamer-plugins-bad1.0-dev_1.4.4-2.1+deb8u2_amd64.deb
Checksums-Sha256:
 fa5f65c805031440e8f199e69fa02a316131beb7396dcdd55c469f9242702803 4479 gst-plugins-bad1.0_1.4.4-2.1+deb8u2.dsc
 b23e9ac1e013dea6427d32a29a4c414aee54cd2abad2d427074aa83f9aab79e0 41272 gst-plugins-bad1.0_1.4.4-2.1+deb8u2.debian.tar.xz
 8667f358e0db6036a22d4a1f5de990b71ca0bf143065a832ab36adf28ae1d139 1234524 gstreamer1.0-plugins-bad-doc_1.4.4-2.1+deb8u2_all.deb
 b468962ef9cd63cfdf6cc664e11382562649c25b233ece4574e02958aa442064 2368090 gstreamer1.0-plugins-bad_1.4.4-2.1+deb8u2_amd64.deb
 1a9377427e50abe81b7a064c0075454290d6a91e0ab1eea613fe5dd9fef7942a 6699930 gstreamer1.0-plugins-bad-dbg_1.4.4-2.1+deb8u2_amd64.deb
 6c50fdeb71ce2804cfd914926c100a7cddb303cee4258ef15cc3856998be97a7 1327078 libgstreamer-plugins-bad1.0-0_1.4.4-2.1+deb8u2_amd64.deb
 191b2c8eb64b8ba7fc13191837caefe24164b8aa8cd945e88987f5f7e62912b4 1109874 libgstreamer-plugins-bad1.0-dev_1.4.4-2.1+deb8u2_amd64.deb
Files:
 e54d87f3681318b1a2766ee9157439bf 4479 libs extra gst-plugins-bad1.0_1.4.4-2.1+deb8u2.dsc
 7b8383f5f6a65f18cb34575cf61fef9b 41272 libs extra gst-plugins-bad1.0_1.4.4-2.1+deb8u2.debian.tar.xz
 f0351238301b061b227b85e9187a735e 1234524 doc extra gstreamer1.0-plugins-bad-doc_1.4.4-2.1+deb8u2_all.deb
 8a0d13b3e683b649140d77e398a0fd9b 2368090 libs extra gstreamer1.0-plugins-bad_1.4.4-2.1+deb8u2_amd64.deb
 6cb24f6e3ad73f037c8e6621dcb29a50 6699930 debug extra gstreamer1.0-plugins-bad-dbg_1.4.4-2.1+deb8u2_amd64.deb
 79bb6783459eb3c62ba85b2e8703fcd9 1327078 libs extra libgstreamer-plugins-bad1.0-0_1.4.4-2.1+deb8u2_amd64.deb
 6b204a43b43165c4461fdb0c5a3dc157 1109874 libdevel extra libgstreamer-plugins-bad1.0-dev_1.4.4-2.1+deb8u2_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEEf0vHzDygb5cza7/rBmjMFIbC17UFAljWruRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDdG
NEJDN0NDM0NBMDZGOTczMzZCQkZFQjA2NjhDQzE0ODZDMkQ3QjUSHHNsb21vQGNv
YXhpb24ubmV0AAoJEAZozBSGwte1uu0QAM56hOR2oXJQnfP2E+ubVDQuK9rvgO+Y
EnvNsKOL/vIlpdw80Wsk2m0sITKxkicJvJs50h0znw6Z3XerQW5Doa1DgfzXJwNk
1Mvsm1gfkWak8YLcyDweJihURKW+IL36QEfYEi4cY0GHg7V/lHbqA+7KugMU19XC
FXTQVM6TJkyg8S6OIo5MhsQULOJPr/3T54+6gvBxOEifDIq7lPV36mkXLXI4NV13
yTxEnuN5IjgGFaDzpZ5fSNYcM/0wQ4s+JLeHEvTFDO55iQYEX9VMQ8dkc0s+CMyB
wF6Uh37OZ9dxxYyNHQvPfy132D3husbEsL/rPyyyvQzT6qj/XPfAaKsLfxuTIF0y
aVRhnRHvGwhJinWB0Gk0X11ujvrYOdYq6kNOMEL925py+srvPeE3LBUhZ4XxVCX8
3WbMcdL3/BwKFuKQ5jbH/Vx/XsUUGS6Y+OC9fMABhZYQ1BS5gpRkmG5bn5NmGx0c
jx9y4qJPRpWKrDy0DVdnPCAVWh3+Jy9KWa9Y1H21629Aq7nB5w4rJUY2uvuMbT6z
uHCLPMCAsmov+xjCwQXA/x8TjfHG9OUZJY0bT926wP9aOA4hw7icdTAvNF6vbmVX
kdvCpYFTawUxNmg++gbUWi0+Z+owAoyF9VvSGlUUM3vLHMIzrgFPT8bw/sHPSgXn
73Xt3DzNr+hy
=OVXF
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.



More information about the pkg-gstreamer-maintainers mailing list